FactoryLink DownloadsThe download page for FactoryLink install media is protected
by your serial number. Only customers who have a valid serial number received through the order entry process will have access.

The Security Updates are available for download below.

Enter a valid FactoryLink 7.5 or 8.0 serial number to access the download page and click Continue. Then choose
the desired media format and components you need.

SECURITY UPDATE

Updated December 9, 2011

General Information

There were six vulnerabilities publically reported March 21, 2011 and two vulnerabilities were privately reported November 1, 2011
effecting FactoryLink versions 6.0.4 and higher. The publically reported vulnerabilities are:

7. Long strings entered in the location URL causes the WebClient activex to raise access violation.

01Nov2011

Siemens Update

8. Any file name could be entered in the save method for the activex "ActBar.ocx".

01Nov2011

MS Hotfix

At the present time, we are not aware of any current threat to our product by malware targeting the alleged vulnerabilities.

Recommendations

The security updates below address vulnerability numbers 1 through 5 and number 7 and are for FactoryLink versions 6.6.1, 7.5.2,
and 8.0.2. These versions represent the last maintenance releases of the last 3 major releases of FactoryLink and are being provided
as a service to our customers. Note: The security updates below are cumulative and supersede earlier versions and should be reapplied to any FactoryLink
system having already received an earlier version of the security update.

If you are running a different version of FactoryLink and require this security update, we recommend you upgrade to one of
these versions of FactoryLink and apply the appropriate security update.

Vulnerability 6 does not require an update / hotfix and can be addressed by a configuration change to your FactoryLink
application. Please refer to the documentation included with the updates for more details.

Vulnerability 8 effects a 3rd party ActiveX control, ActBar.ocx which is distributed with FactoryLink versions 7.x and 8.x
for use in FactoryLink's Client Builder. This vulnerability has been addressed in the Microsoft update referenced in the
Security Advisory listed below. This update prevents Actbar.ocx from being loaded by Internet Explorer(IE). The usage of
ActBar.ocx within Client Builder does not expose the vulnerable methods of the control to rogue web pages.